
The accessibility challenges are all the extra different failure modes HTTPS presents, such as client date offset, older devices, expired certificates, hostname mismatches, and many others.

Security is not the only priority in existence. Sometimes people just want to access the information. And when that is the case, HTTPS can be a huge impediment.




> Security is not the only priority in existence. Sometimes people just want to access the information. And when that is the case, HTTPS can be a huge impediment.

I suppose you'd be fine if your government started replacing the content of Wikipedia with their own propaganda/removing critical information about themselves from traffic?


So far they haven't. Meanwhile, millions of people with older devices cannot use them to access Wikipedia.


You're aware that your government is already doing this, right? (Your argument is invalid.)


How? Edits on Wikipedia are public, including historical monthly backups available over bt all the way back to 2006, and I can ensure Wikipedia servers are serving it correctly by cross-referencing that and the edits. With HTTP, any ISP (whose operators all tend to favor government cooperation) or switch in the middle could sed content to remove or slightly alter known-critical content.


Yeah... I haven't gotten a good response on why localhost should scream "insecure" or why Wikipedia should fail if my RTC clock is wonky.

I am not denying "security from snoops while paying with credit cards" and all that banking shit or messaging. Heck, email is sent over the clear but we are told to use https to connect to the website (for webmails) using https for "security"...

Sure, sure, security is all good and snazzy, but I regularly come across websites that have had their certs expire, and the website makes it appear as if the sky will fall if I click on continue.

Then we have ISPs who use DPI (my current ISP, Reliance Jio, has been doing it from day 1), so what's the point of pretending anyway?


> why localhost should scream "insecure"

Localhost, even with HTTP, is a secure context: https://developer.mozilla.org/en-US/docs/Web/Security/Secure...

What tool is screaming at you that localhost is insecure?


They may be using a self-signed cert so it’s https://localhost and the browser is flagging the cert rather than localhost itself.


Browsers. Padlock icon is crossed out.


I just tested this and don't see that. I compared http://neverssl.com to running "python3 -m http.server" and visiting http://localhost:8000

* Chrome: "Not Secure" on neverssl, "i" in a circle on localhost

* Firefox: Padlock with a red line through it on neverssl, page icon on localhost

* Safari: "Not Secure" on neverssl, no message on localhost


> email is sent over the clear but we are told to use https to connect to the website (for webmails) using https for "security"

This is not true; most is encrypted in transit. It is not end to end, because your email service stores them (perhaps encrypted, perhaps not).

Edit: https://transparencyreport.google.com/safer-email/overview?h...

You can see 84% of outbound is encrypted. This probably is generally a good proxy for the state of email TLS transport.



